Updated: 2026-02-08 03:17:49.061832
Description:
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| RHEL 7 ELS | libxml2 | 2.9.1 | 7.5 | HIGH | Released | CLSA-2025:1757413554 | 2025-09-09 10:45:04 | |
| Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 7.5 | HIGH | Released | CLSA-2025:1757015069 | 2025-09-04 21:31:54 | |
| Ubuntu 18.04 ELS | libxml2 | 2.9.4 | 7.5 | HIGH | Released | CLSA-2025:1757015164 | 2025-09-04 21:31:55 | |
| Ubuntu 20.04 ELS | libxml2 | 2.9.10 | 7.5 | HIGH | Released | CLSA-2025:1757522880 | 2025-09-10 21:05:03 |